Setup an SMTP server with user authentication using postgres, postfix, and dovecot on Debian 8

Please note: this tutorial assumes postgres is already setup and configured on the machine.
Install & configure the dovecot and postfix:

apt-get install dovecot-core dovecot-pgsql postfix -y

Provision the smtp database in postgres:

su -c "psql -c \"CREATE USER smtp WITH PASSWORD 'smtp';\"" postgres
su -c "psql -c \"CREATE DATABASE smtp WITH OWNER=smtp;\"" postgres

Encrypt you password using doveadm tool and SHA512-CRYPT:

doveadm pw -s SHA512-CRYPT -p test1234 -r 100000

Create the SQL file with your one test user:

cat > smtp.sql<<EOT
    id SERIAL,
    username VARCHAR(128) NOT NULL,
    password VARCHAR(512) NOT NULL,
    constraint username_key unique (username)
insert into users (username, password) values ('emailuser01', '************************');


Import your SQL table and test user:

psql -h localhost -d 'smtp' -U smtp -W < smtp.sql

Configure dovecot
Open /etc/dovecot/conf.d/10-master.conf in your favorite text editor and uncomment the following:

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666

Enable SQL and login auth:

sed -i "s/auth_mechanisms = plain/auth_mechanisms = plain login/g" /etc/dovecot/conf.d/10-auth.conf
sed -i "s/\!include auth-system.conf.ext/#\!include auth-system.conf.ext/g" /etc/dovecot/conf.d/10-auth.conf
sed -i "s/#\!include auth-sql.conf.ext/\!include auth-sql.conf.ext/g" /etc/dovecot/conf.d/10-auth.conf

Disable the default password scheme

sed -i "s/default_pass_scheme/#default_pass_scheme/g" /etc/dovecot/dovecot-sql.conf.ext

Enable SHA512-CRYPT and set database parameters

cat >>/etc/dovecot/dovecot-sql.conf.ext<<EOT
default_pass_scheme = SHA512-CRYPT
driver = pgsql
connect = host=localhost dbname=smtp user=smtp password='smtp'
password_query = select username as user, password from users where username = '%n';


Restart dovecot

service dovecot restart

Configure postfix to use dovecot for sasl

postconf -e 'smtpd_sasl_type = dovecot'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'smtpd_sasl_path = private/auth'

Enable submission for clients on port tcp/587

sed -i "s/\#submission/submission/g" /etc/postfix/

Restart postfix

service postfix restart

Email client setup example

Now configure your mail client to use the SMTP server. For this example we will say the mail client is postfix and the smtp server we just setup has an IP of emailuser01:test1234 > /etc/postfix/sasl_passwd
postmap hash:/etc/postfix/sasl_passwd
cat >>/etc/postfix/ <<EOT

smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
relayhost =


Restart postfix

service postfix restart

Send test email

echo "TEST" > testemail
mail -s "TEST EMAIL" < testemail

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.